AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

AmazonKeyManagementServiceClient.RetireGrant (string)

Method

Search:

Retires a grant. To clean up, you can retire a grant when you're done using it. You
should revoke a grant when you intend to actively deny operations that depend on it.
The following are permitted to call this API:

The AWS account (root user) under which the grant was created

The RetiringPrincipal, if present in the grant

The GranteePrincipal, if RetireGrant is an operation specified
in the grant

You must identify the grant to retire by its grant token or by a combination of the
grant ID and the Amazon Resource Name (ARN) of the customer master key (CMK). A grant
token is a unique variable-length base64-encoded string. A grant ID is a 64 character
unique identifier of a grant. The CreateGrant operation returns both.

Note:

For .NET Core and PCL this operation is only available in asynchronous form. Please refer to RetireGrantAsync.

The request was rejected because the state of the specified resource is not valid
for this request.
For more information about how key state affects the use of a CMK, see How
Key State Affects Use of a Customer Master Key in the AWS Key Management Service
Developer Guide.